π¬ FOTA (Wireless Programming)
-
Is it possible to do OTA over RS485 connections?
-
Thanks for the (very) fast reply!
I have arduino in my greenhouse and in winter when it can be constantly wet and cold it is a real pain to take the laptop out to make any changes. This would be a good solution that would allow me and my laptop to stay warm and dry! - - - But how do I stop any one else programming it remotely? Is there some security to stop random programs being installed (it is controlling mains electricity and I need to be sure it is a safe option.
-
Thanks for the (very) fast reply!
I have arduino in my greenhouse and in winter when it can be constantly wet and cold it is a real pain to take the laptop out to make any changes. This would be a good solution that would allow me and my laptop to stay warm and dry! - - - But how do I stop any one else programming it remotely? Is there some security to stop random programs being installed (it is controlling mains electricity and I need to be sure it is a safe option.
-
@skywatch just to be complete: using signing as @tbowmo suggested only works with dualoptiboot bootloader.
When using MYSBootloader it will, as far as I know, accept any firmware when booting. To attack the node the attacker would have to reboot your node (power cycle,...) and then send his own firmware. So this is possible, but needs quite a good amount of control of your systems. -
@skywatch just to be complete: using signing as @tbowmo suggested only works with dualoptiboot bootloader.
When using MYSBootloader it will, as far as I know, accept any firmware when booting. To attack the node the attacker would have to reboot your node (power cycle,...) and then send his own firmware. So this is possible, but needs quite a good amount of control of your systems.@tekka have been looking at making a secure Ota boot loader, if I remember right. I thought that it was released already.
But if an intruder is able to get yo your node to do a reset in order to have the mysbootloader kick in, he could just as well put a new firmware in by attaching a programmer directly to the node.
-
Thank you all for the responses. If someone gets physical access then the game is over anyway. I just want to protect from some bored malicious person getting remote access and causing problems or even a fire.
If it is secure from 'others' hacking it remotely I might give it a try. -
Same question as @b0rmann - is it possible to do OTA from a non-Windows environment (Mac OSX or Linux)? A simple implementation in python or perl, that could talk to the gateway, and do OTA from the command line, would be a really nice to have. I would prefer the dualoptiboot solution, since it'll work with RFM69 nodes as well (at least that's my understanding)
-
It may be a silly question, but what is the point of setting the fuses before burning the bootloader (using Dualoptiboot)?
After burning the bootloader fuses are changed to E:06, H:D2, L:E2 anyway as set in board.txt
MysensorsMicro.bootloader.unlock_bits=0x3F MysensorsMicro.bootloader.lock_bits=0x0F MysensorsMicro.bootloader.low_fuses=0xE2 MysensorsMicro.bootloader.high_fuses=0xD2 MysensorsMicro.bootloader.extended_fuses=0x06Should we burn them after to revert to E:06, H:DA, L:E2 ? (and loosing EESAVE which seems bad)
-
hello all,
i have installed MYSBootloaderV13pre on my arduino mini pro 3.3V and this work fine.
But i encountered some issues with my jeedom version (the node.js crash) that why i want to replace this bootloader (temporarily) but i can't.
Do you know why when i burn a different bootloader, MYSBootloaderV13pre is still present ?
Thx in advance for your answers
-
This might be a stupid question but would it be possible to add a AT25DF512C-SSHN-B to a regular Pro mini by connecting it to a custom PCB like a jModule with a AT25DF512C-SSHN-B ?
-
i don't see any problem if you connect correctly the spi bus. it depends what's a jmodule??
in case i did this, perhaps smaller..
https://www.openhardware.io/view/18/OTA-and-Authentication-Evaluation-Board -
There is an ambiguity in documetation of MYSBootloader:
- On https://www.mysensors.org/download/sensor_api_20#configuration there is a Note: "You can still have OTA FW updates without external flash but it requires the MYSBootloader and disabled MY_OTA_FIRMWARE_FEATURE"
- Above on https://www.mysensors.org/about/ota#enabling-ota-in-your-sketch there is written: "To enable OTA in your sketch, you need to add #define MY_OTA_FIRMWARE_FEATURE"
So, in the case of MYSBootloader (no external flash), what is correct (I suppose 2)?
Two additional questions:
Where is located MYSBootloader for MySensors 2.0?
Is it usable with 8MHz internal clock config?Thanks for answer(s)
-
There is an ambiguity in documetation of MYSBootloader:
- On https://www.mysensors.org/download/sensor_api_20#configuration there is a Note: "You can still have OTA FW updates without external flash but it requires the MYSBootloader and disabled MY_OTA_FIRMWARE_FEATURE"
- Above on https://www.mysensors.org/about/ota#enabling-ota-in-your-sketch there is written: "To enable OTA in your sketch, you need to add #define MY_OTA_FIRMWARE_FEATURE"
So, in the case of MYSBootloader (no external flash), what is correct (I suppose 2)?
Two additional questions:
Where is located MYSBootloader for MySensors 2.0?
Is it usable with 8MHz internal clock config?Thanks for answer(s)
@tlustoch You need to enable MY_OTA_FIRMWARE_FEATURE only if you use DualOptiBoot.
With MYSBootloader, you don't need ;)I use MYSBootloader 1.3 pre-release with mysensors 2.0. You can find it here : https://forum.mysensors.org/topic/3453/mysbootloader-1-3-pre-release-myscontroller-1-0-0beta
And yes it usable with 8 MHZ internal clock config if you burn the bootloader with 8Mhz internal clock setting.
-
Short question from me: my mysensors network is set up with domoticz as a controller on a raspberry pi. I need to upgrade all my nodes to Version 2 of mysensors soon and want to enable wireless programming while I am at it. As far as I understand I do need to use MYSController to update a node, which seems to be a windows only program. Any way I can still use that with my linux based (raspi) network?
